The 'postgresql_privs' module is not idempotent in certain cases #44
Description
SUMMARY
Certain grant and revoke actions in the postgresql_privs module are not idempotent since Ansible 2.10.1. I have checked this on multiple versions of Ansible:
ansible: 2.10.0
ansible-base: 2.10.1
status: idempotent
ansible: 2.10.0
ansible-base: 2.10.2
status: idempotent
ansible: 2.10.1
ansible-base: 2.10.2
status: non-idempotent
ansible: 2.10.2
ansible-base: 2.10.3
status: non-idempotent
ansible: 2.10.3
ansible-base: 2.10.4
status: non-idempotent
ansible: 2.10.4
ansible-base: 2.10.4
status: non-idempotent
ansible: 2.10.5
ansible-base: 2.10.5
status: non-idempotent
ISSUE TYPE
- Bug Report
COMPONENT NAME
postgresql_privs
ANSIBLE VERSION
ansible 2.10.5
config file = None
configured module search path = ['/home/drybjed/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/drybjed/.local/lib/python3.7/site-packages/ansible
executable location = /home/drybjed/.local/bin/ansible
python version = 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0]
CONFIGURATION
Nothing changed
OS / ENVIRONMENT
OS: Debian 10 (Buster)
Database: PostgreSQL 11
STEPS TO REPRODUCE
---
- hosts: 'localhost'
become: True
tasks:
- name: Grant connect on postgres to PUBLIC
postgresql_privs:
database: 'postgres'
port: '5432'
role: 'PUBLIC'
type: 'database'
privs: 'CONNECT'
state: 'present'
become: True
become_user: 'postgres'
- name: Revoke temporary on postgres from PUBLIC
postgresql_privs:
database: 'postgres'
port: '5432'
role: 'PUBLIC'
type: 'database'
privs: 'TEMPORARY'
state: 'absent'
become: True
become_user: 'postgres'EXPECTED RESULTS
The playbook grants and revokes the permissions on the first run, on second run nothing is changed.
ACTUAL RESULTS
Playbook reports the changed status on each execution.
TASK [Grant connect on postgres to PUBLIC] ****************************************************************************************************************
changed: [localhost] => changed=true
invocation:
module_args:
ca_cert: null
database: postgres
fail_on_role: true
grant_option: null
host: ''
login: postgres
login_host: ''
login_password: ''
login_unix_socket: ''
login_user: postgres
objs: null
password: ''
port: 5432
privs: CONNECT
role: PUBLIC
roles: PUBLIC
schema: null
session_role: null
ssl_mode: prefer
state: present
target_roles: null
trust_input: true
type: database
unix_socket: ''
usage_on_types: true
queries:
- GRANT CONNECT ON database "postgres" TO PUBLIC;
TASK [Revoke temporary on postgres from PUBLIC] ***********************************************************************************************************
changed: [localhost] => changed=true
invocation:
module_args:
ca_cert: null
database: postgres
fail_on_role: true
grant_option: null
host: ''
login: postgres
login_host: ''
login_password: ''
login_unix_socket: ''
login_user: postgres
objs: null
password: ''
port: 5432
privs: TEMPORARY
role: PUBLIC
roles: PUBLIC
schema: null
session_role: null
ssl_mode: prefer
state: absent
target_roles: null
trust_input: true
type: database
unix_socket: ''
usage_on_types: true
queries:
- REVOKE TEMPORARY ON database "postgres" FROM PUBLIC;